DeepCover® embedded security solutions cloak sensitive data under multiple layers of advanced physical security to provide the most secure key storage possible.
DeepCover cryptographic controller (MAXQ1061) protects the confidentiality, authenticity and integrity of software IP, communication and revenue models. It is ideal for connected embedded devices, industrial networking, PLC, and network appliances.
The embedded, comprehensive cryptographic toolbox provides key generation and storage up to full SSL/TLS/DTLS support by offering a high level of abstraction. It can also serve as a secure bootloader for an external generic microcontroller.
A flexible file system manages access rights for the objects. The device is controlled over an SPI or I²C interface. *
Cryptographic algorithms supported by the device include all main signature schemes and digest algorithms. A separate hardware AES engine over SPI, allows it to function as a coprocessor for stream encryption.*
The advanced physical, environmental and logical protections, are designed to meet the stringent requirements of FIPS and Common Criteria EAL4+ certifications.
*: More details at "Key Features"
Key Features Applications
Advanced Cryptographic Tool Box Seamlessly Supports Highly Secure Key Storage
Certificates Chain Management
Secure 32KB File System Based on Nonvolatile EEPROM (500K Cycles) for Extensive Key and Certificate Storage
Symm-key: AES-128/-256 (ECB, CBC, CCM)
Asymm-key: ECC NIST P-256, -521, -384
Secure Hash: SHA-256, -384, -512
MAC Digest: CBC-MAC, HMAC-SHA256, HMAC-SHA384, HMAC-SHA512
Signature Schemes: ECDSA (FIPS 186-4)
Key Exchange: EC Diffie-Hellman (TLS)
128-Bit AES Stream Encryption Engine Over SPI (Up to 20Mb/s) Supporting AES-GCM and AES-ECB Modes
On-Chip Key Generation: ECC, AES
Random Number Generation: True RNG
High-Level Functions Simplify SSL/TLS/DTLS Implementations
TLS/DTLS Key Negotiation (PSK, ECDH, ECDHE)
ECDSA Based TLS/DTLS Authentication, Digital Signature Generation and Verification
SSL/TLS/DTLS Packet Encryption (AES)
MAC Algorithm (HMAC-SHA256)
Extensive Host/System Services - Flexibility & Reduce System Cost
Watchdog Timer
Power-On Reset/Brownout Reset
Secure Boot Function
Tamper Detection
Life Cycle Management and Key Loading Protocol
Flexible File System With User-Programmable Access Conditions for Each Object Software Reset
Software Reset, Shutdown, and Wake-Up Functions
Multiple Communication Interface Options for Simpler Connection to a Host Processor
I²C , and SPI Slave Controller with a Dedicated DMA Channel and 128-Bit AES Stream Encryption Engine (AES-GCM , AES-ECB Modes)
Example Applications of Product
Certificate Distribution and Management
Cybersecurity for Critical Infrastructures
Electronic Signature Generation
Secure Access Control